Change Detection - Server Side Template Injection

A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. id: CVE-2024-32651 info: name: Change Detection - Server Side Template Injection author: edoardottt severity: critical description: | A Server...

Astra Linux - уязвимость в node-ssri

ssri 5.2.2-8.0.0; fixed in 8.0.1. This version processes SRIs using a regular expression, which is vulnerable to a denial of service attack. Malicious SRIs could take an extremely long time to process, resulting in a denial of service. This issue only affects consumers who use the “strict” option...

MiracleLinux 8 : nodejs:14 (AXSA:2021-2343:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2343:01 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...

MiracleLinux 8 : nodejs:12 (AXSA:2021-2333:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2333:01 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.3-2.el7, rh-nodejs14-nodejs-14.17.2-1.el7 (AXSA:2021-2260:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2260:01 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...

EUVD-2018-0168

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-7651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long...

CVE-2018-7651

index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...

Linux Distros Unpatched Vulnerability : CVE-2021-27290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely...

RHEL 8 : pcs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 ...

RHEL 8 : nodejs-ssri (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-ssri: Regular expression DoS ReDoS when parsing malicious SRI in strict mode CVE-2021-27290 Note that Nessus...

nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...

nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...

Oracle Linux 8 : nodejs:14 (ELSA-2021-3074)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3074 advisory. - Resolves CVE-2021-22918libuv, use system cipher list Tenable has extracted the preceding description block directly from the Oracle Linux security...

CentOS 8 : nodejs:12 (CESA-2021:3073)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3073 advisory. - libuv: out-of-bounds read in uvidnatoascii can lead to information disclosures or crashes CVE-2021-22918 - nodejs-hosted-git-info: Regular Expression...

openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:1113-1)

"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1113-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2932 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2931 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Updated nodejs packages fix security vulnerabilities

This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true CVE-2020-7774. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Servic...

Node.js 12.x < 12.22.2 / 14.x < 14.17.2 / 16.x < 16.4.1 Multiple Vulnerabilities

The version of Node.js installed on the remote host is prior to 12.22.2, 14.17.2, 16.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2021 Security Releases advisory. - Node.js is vulnerable to out-of-bounds read in libuv's uvidnatoascii function which is used...